Access policies
Access policies
Understand how the Access Policy works, and how it enables granting roles and permissions to specific groups of resources and targets.
The main benefit of assigning an Access Policy to an Access Group is that it makes all members of that group to inherit the same permissions.
Access Policy governs Access Group permissions to perform actions within the platform. An Access Policy includes a
Subject
(User IDs, Services IDs, Access Groups), a Target
(associates resources), and a Permission
(associates roles).Imagine the following scenario where you want to create an Access Policy with Kyndryl's IAM infrastructure:
I want to give a subject... | ...access to a target... | ...with specific permissions |
|---|---|---|
- User - Service ID - Access Group (Combination of User/Service IDs) | IAM Resources of one or more Resource Types (Policies, Access Group, etc.) Application Resources of one or more Resource Types (Orders, Catalogs, Budgets, DRGs, VMs, Kubernetes Cluster, Builds, Repositories) | Platform Roles: 1. Administrator 2. Editor 3. Viewer 4. Operator App Roles: - App Role 1 - App Role 2 Custom Role: Created based on the existing out-of-the-box roles permissions available. |
Do you have two minutes for a quick survey?
Take Survey
